CVE-2025-6431
BaseFortify
Publication date: 2025-06-24
Last updated on: 2026-04-13
Assigner: Mozilla Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| android | * | |
| mozilla | firefox | From 60.9.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Firefox for Android allows an attacker to bypass the default prompt that appears when a link is opened in an external application. Normally, Firefox asks the user for confirmation before opening such links, but due to this flaw, an attacker could circumvent this prompt, potentially exposing the user to security risks or privacy leaks through the external application.
How can this vulnerability impact me? :
If exploited, this vulnerability could lead to security vulnerabilities or privacy leaks by allowing malicious links to open external applications without user consent. This could result in unauthorized actions or data exposure through those external applications.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Firefox for Android to version 140 or later, as versions prior to 140 are affected. Avoid opening links in external applications from untrusted sources until the update is applied.